Active incidents and Sophos MDR

Sophos Managed Detection and Response is a fully managed service delivered by experts who detect and respond to cyberattacks targeting your computers, servers, networks, cloud workloads, email accounts, and more.

When we identify an active incident, the Sophos MDR operations team will investigate and respond in minutes, whether you need full-scale incident response (exclusive to MDR Complete customers) or help making accurate decisions.

Direct Call-in Support

Your team has direct call-in access to our Security Operations Center (SOC) to review potential threats and active incidents. The Sophos MDR operations team is available 24/7/365 and backed by support teams across 26 locations worldwide.

Threat Containment

Sophos MDR Complete includes full-scale incident response. For organizations that opt for Sophos MDR without full-scale incident response, the Sophos MDR operations team works to stop the attack and prevent it from spreading. The MDR Ops team will also provide guidance on neutralization. This reduces workload for internal security operations teams and enables them to rapidly execute remediation actions.

With the MDR Essentials service tier, if an active incident occurs, the MDR Ops team offers direct call-in support and threat containment. Unlike with MDR Complete, under MDR Essentials the Ops team will work to stop the attack and prevent it from spreading, but will give you guidance on how to neutralize it yourself. Calling for questions about the MDR service or cases is reserved for MDR Complete customers.

How to open an MDR case